package com.security.config.security;

import com.security.Filter.SecurityFilter.MyExpiredSessionStrategy;
import com.security.Filter.SecurityFilter.SecurityCaptchaCodeFilter;
import com.security.Filter.SecurityFilter.SecurityFailureHandler;
import com.security.Filter.SecurityFilter.SecuritySuccessHandler;
import com.security.system.service.SysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    SysUserService service;

    @Resource
    SecuritySuccessHandler successHandler;

    @Resource
    SecurityFailureHandler FailureHandler;

    @Resource
    SecurityCaptchaCodeFilter captchaCodeFilter;

    @Resource
    MobileCapchaSecurityConfig mobileCapchaSecurityConfig;

    @Bean
    protected BCryptPasswordEncoder bCryptPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(service)
                .passwordEncoder(bCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterBefore(captchaCodeFilter, UsernamePasswordAuthenticationFilter.class)
                .authorizeRequests()
                /*释放 静态支援*/
                .antMatchers("/public/**","/login/captcha","/mobilelogin","/mobileCapcha/getMobileCapcha").permitAll()
                .antMatchers("/index","/index/**").authenticated()
                /*设置 只允许 拥有 访问的 URL 的才能访问 */
                .anyRequest().access("@arbcServiceFilter.hasPermission(request,authentication)")
                .and()
                /*设置 表单登录*/
                .formLogin()
                /*设置 自定义 登录 页面路劲 get 请求*/
                .loginPage("/login")
                /*设置 认证请求路径 默认 "/login" */
                .loginProcessingUrl("/login")
                .successHandler(successHandler)
                .failureHandler(FailureHandler)
                .permitAll()
                .and()
                .apply(mobileCapchaSecurityConfig)
                .and()
                .logout()
                .logoutUrl("/logout")
                .invalidateHttpSession(true)
                .permitAll()
                .and()
                .csrf().disable()
                /*解决 iframe 不加载 的问题 */
                .headers().frameOptions().disable()
                .and()
                .sessionManagement()
                /*设置 session 创建 机制*/
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                /*会话超时 返回 URL*/
                .invalidSessionUrl("/login")
                .sessionFixation()
                .migrateSession()
                /*设置 同账号多端登录被下线需求*/
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false)
                .expiredSessionStrategy(new MyExpiredSessionStrategy());
    }
}
